CVE-2022-25091

Published: Apr 27, 2023Modified: Feb 3, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

Infopop Ultimate Bulletin Board up to v5.47a was discovered to allow all messages posted inside private forums to be disclosed by unauthenticated users via the quote reply feature.

Affected (1)

Products: Infopop: Ultimate Bulletin Board

Infopop

1 product

Ultimate Bulletin Board

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Infopop Ultimate Bulletin Board	Up to 5.47a

Related CWEs

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (10)

http://www.infopop.com/support/ubbclassic/version5.html

Source: cve@mitre.org

Broken Link

https://marc.info/?l=vuln-dev&m=97486849231786&w=2

Source: cve@mitre.org

Mailing List

https://vulners.com/securityvulns/SECURITYVULNS:DOC:954

Source: cve@mitre.org

Mailing List

https://web.archive.org/web/20030207100935/

Source: cve@mitre.org

Not Applicable

https://web.archive.org/web/20030207100935/http://www.infopop.com/support/ubbclassic/version5.html

Source: cve@mitre.org

Release Notes

http://www.infopop.com/support/ubbclassic/version5.html